Privacy Economics

Privacy is good. Perfect privacy is really hard, probably
unachievable. It’s not a binary thing, but a big dial
we can turn up or down. So obviously, we should be turning it up.

The economics ·
It’s like this. If there’s data flowing over the Net that the
intelligence community can scoop up for free, they will, and they’ll store it
forever.
Criminals and stalkers will scoop too, looking for
credit-card numbers and home addresses and so on.

But the Internet volume is so high that if processing a conversation
takes any non-zero investment of effort or money, then spooks and
crooks won’t bother (unless you’re a real target);
nobody can afford X times billions/day, no matter how small X is.

Thus every time you turn the privacy dial up, even just a little, you
make certain classes of surveillance and of crime
uneconomic. This is a good thing.

The perfect and the good ·
There are people out there who want more: They’re not sure
HTTPS is good enough (it is), they think your private key should be locked
away in specialized hardware (it shouldn’t), and they think
Tor and Tails are appropriate for everyday Net use (they’re not).

The problem is twofold: First, the level of privacy the purists want is
really complicated, irritating and inconvenient. But we don’t want to give
people the impression that basic privacy is hard, because then they just won’t
bother.

The other half is that what purists propose won’t work. If
democratic-government employees seriously think you’re planning to blow up
infrastructure, or are smuggling Uzis to narcos, they’re gonna bypass all the
encryption and just put a microphone in a camera in the places where you work.
If the Chinese government thinks you might be about to expose official theft,
or remind people of June 1989, they’ll take similarly extreme measures.
I dunno, maybe Jason Bourne and George Smiley know tricks to hide in
plain sight, but you and I are going to have to settle for ordinary
strong privacy or maybe even common privacy.

Tor makes all sorts of sense if you occasionally need to purchase something
illegal, or you’re a journalist in Thailand working on an exposé concerning the
royal family; and you can imagine other scenarios. But if you want to stop the
vast majority of daily-life surveillance, just do something so it’s not free
any more.

The idea is simple: Sometimes when you make a Net connection that begins
with “http:”, the infrastructure could go ahead and encrypt it for you
anyhow. Of course, a real “https:” connection not only does the encryption
but tries to prove who you’re talking to, thus making it really hard for
someone to read (and maybe change) the messages between you and your bank.

But really, who cares? Given basic modern cryptography, man-in-the-middle
attacks require active subversion of the infrastructure, possible but tricky
and time-consuming. Which means: It Just. Won’t. Happen. At scale anyhow,
against ordinary people doing ordinary things using reasonably modern
technology.

The purists are predictably against this, saying it’ll discourage the use
of “real” privacy tech, give a false sense of security, and so on. And yeah,
real “https:” is better and you should be doing it anyhow.

But opportunistic privacy is better than none. A strong password is better
than a weak one. A password manager is better than your memory. A second
factor is better than just a password. An encrypted disk is better than a
wide-open one. None of these things buy you anything absolute. But every time
the dial turns, certain bad things stop happening, and the world becomes a
better place.

Updated: 2014/07/28

Contributions

Just wanted to ask why you claim that people need to pay X times Billions, when they can just do targeted attacks?

Pick a small number of random small businesses and DDoS them for ransom money. Or find a number of "high value" persons and attack them. I don't mean billionaires. Someone with wealth in the 100s of thousands is wealthier than something like 95% of the world (according to some wealth calculators).

"No one can afford X times billions/day". Ah. Once you have the ability to draft zillions of edge routers and internal servers to do your bidding, the amount of computational power available to you explodes. Limited of course by available bandwidth, jitter and willingness to expose information.